As we start 2020, we look at the bigger picture in data privacy and protection - the ‘macro’ as opposed to the ‘micro’ - in two key areas: the climate crisis and Brexit.
Predicting the future is a thankless task.
In 1998 American futurist Michio Kaku speculated what a week in the life in 2020 would look like. Kaku, impressively, predicted an Alexa-style digital assistant although he was perhaps a little too optimistic about how much tech would be available at your local corner shop (‘we’re low on computers. Pick up a dozen more at the market while you’re at it’). Some you win, some you lose.
However, it is clear that two subjects will dominate the news this year and throughout the 2020s. Here’s our take on the next few months and years:
Climate crisis and data sustainability
On 1 May 2019, UK parliament declared a climate change emergency. Hundreds of other countries, towns and cities across the world followed suit, from New York City to Nagano, Paris to Penzance.
It is perhaps no wonder, then, that by November 2019 Oxford Dictionaries included ‘climate emergency’ as its word of the year, its usage being over 100 times as common as over the previous year, according to its data.
So what has this all got to do with data protection?
As it happens, more that you’d think.
The consequences of data processing on a massive scale are becoming increasingly clear. Click on The Internet – Every Second and watch the estimated amount of data generated every second grow at dizzying speed. Forbes estimated in 2018 that 2.5 quintillion bytes of data are created each day. In 2019, the World Economic Forum predicted that ‘the entire digital universe is expected to reach 44 zettabytes’ by this year or, in plain terms, there will be ‘40 times more bytes than there are stars in the observable universe’.
Do we really need all this data? More importantly, how much is it costing us to store it financially and environmentally?
Prior to his death in 2019, former European data protection supervisor Giovanni Buttarelli shared his vision of the future with Christian D'Cunha, publishing his manifesto Privacy 2030: A Vision for Europe in November last year.
The report advocates a ‘digital green new deal’ asserting that ‘digital technology and privacy regulation must become part of a coherent solution for both combating and adapting to climate change’, adding that ‘the religion of data maximisation, notwithstanding its questionable compatibility with EU law, now appears unsustainable also from an environmental perspective’.
The result? Our view is that the 2020s will see more and more businesses looking at their use of data not only from a GDPR point of view but also from a corporate and social responsibility (CSR) standpoint. It may take some time before data sustainability becomes the norm but it is arguably only a matter of time before activists cotton on to the impact of unnecessary data use and storage.
In the meantime, regulators will continue to push for data minimisation from a GDPR perspective - witness the €14.5 million fine levied on a German real estate company late last year for retaining certain data for an unjustified unlimited period.
Brexit 1.0 done. Brexit 2.0 looms
Whether we like it or not, any discussion of predictions for 2020 has to include Brexit: not the divorce at the end of this month but the deadline for the trade deal at the end of this year.
On 31 January 2020 - unless something unforeseen happens in the UK parliament this month - the UK will leave the EU at 11pm on that date (Brexit 1.0). Eleven months later, at 11pm on 31 December 2020, the transitional arrangements with the EU will fall away (Brexit 2.0) unless this period is extended, which the UK government is adamant won’t happen.
The good news? 2020 is a leap year so the UK and EU have an extra day to try to hammer out the trade deal between them. The bad news? 335 days is a fiendishly short period in which to agree the future trading relationship including - and this is key for data protection - an adequacy decision for data transfers from the EU to the UK.
Recent reports in the UK press signal that the EU is likely to link progress on its adequacy decision with the wider trade negotiations. What’s more, the European data protection supervisor Wojciech Wiewiórowski, has been reported as saying that the UK is at the ‘end of the queue’ for an adequacy decision.
Although Wiewiórowski isn’t in charge of agreeing the decision, his concerns echo those of many EU officials who, in particular, are worried about how the UK intelligence agencies collect and use personal data.
The result? 2020 is likely to see the politicisation of data protection. An adequacy decision may happen by Brexit 2.0. Of course, it may not. We are unlikely to get a clear picture on adequacy until well into the new year.
While 2020 will doubtless see much hand-wringing on key topics such as data protection, it is clear that the EU and UK still need to work with one other.
In the meantime, in this continued time of uncertainty for businesses, there are many things that you can do to protect your data flows (see the flyers on our website here).
The privacy and data team wishes you a happy, healthy and prosperous 2020.